Amazon · Amazon Privacy Notice

Sensitive Personal Information Collection

High severity
Share 𝕏 Share in Share 🔒 PDF

What it is

Amazon collects sensitive categories of personal data including your credit card numbers, health-related purchase information, precise location, and voice and video content from your devices.

Consumer impact (what this means for users)

Amazon collects and processes sensitive personal data including financial account numbers, health-related purchase history (e.g., medications, medical devices), precise geolocation, and voice/video recordings — all of which carry heightened breach risks and may be used for advertising profiling unless you actively restrict their use.

Cross-platform context

See how other platforms handle Sensitive Personal Information Collection and similar clauses.

Compare across platforms →
Need full compliance memos? See Professional →

Why it matters (compliance & risk perspective)

Collection of sensitive personal information categories — particularly health data inferred from purchases and precise location — creates heightened privacy and security risks and triggers stricter legal obligations in many jurisdictions.

View original clause language
The types of personal information we collect include financial information, including credit card and debit card numbers; health and personal care items; precise location; voice, image, and video content; browsing and search history.

Institutional analysis (Compliance & legal intelligence)

REGULATORY FRAMEWORK: CCPA/CPRA §1798.140(ae) designates financial account numbers, precise geolocation, and health data as 'sensitive personal information' subject to use limitation rights under §1798.121. GDPR Art. 9 designates health data as a special category requiring explicit consent or another Art. 9(2) basis; financial data is not Art. 9 special category but is subject to enhanced security under Art. 32. Washington My Health MY Data Act (SB 1155) and Nevada SB 370 regulate consumer health data beyond HIPAA's reach. FTC Act Section 5 applies to deceptive collection of sensitive financial data. PCI DSS applies to credit/debit card data handling.

🔒

Compliance intelligence locked

Regulatory citations, enforcement risk, and due diligence action items.

Watcher $9.99/mo Professional $149/mo

Watcher: regulatory citations. Professional: full compliance memo.

Applicable agencies

  • FTC
    The FTC has authority over unfair collection and use of sensitive personal information including health data used for advertising under Section 5 of the FTC Act.
    File a complaint →
  • State AG
    Washington State AG enforces the My Health MY Data Act covering health data inferred from purchases; California CPPA enforces CPRA sensitive data use limitations.
    File a complaint →

Provision details

Document information
Document
Amazon Privacy Notice
Entity
Amazon
Document last updated
April 29, 2026
Tracking information
First tracked
April 27, 2026
Last verified
April 27, 2026
Record ID
CA-P-003246
Document ID
CA-D-00027
Evidence Provenance
Source URL
https://www.amazon.com/gp/help/customer/display.html?nodeId=468496
Wayback Machine
View archived versions →
SHA-256
c3ec0243c0cce6b332e8df7d3c8e2518cd7d2e0078f5bc2fe353d6612b8a01f8
Verified
✓ Snapshot stored   ✓ Change verified
How to Cite
ConductAtlas Policy Archive
Entity: Amazon | Document: Amazon Privacy Notice | Record: CA-P-003246
Captured: 2026-04-27 10:46:06 UTC | SHA-256: c3ec0243c0cce6b3…
URL: https://conductatlas.com/platform/amazon/amazon-privacy-notice/sensitive-personal-information-collection/
Accessed: May 2, 2026
Classification
Severity
High
Categories
Unknown

Other provisions in this document